--- layout: "azurerm" page_title: "Azure Resource Manager: azurerm_key_vault" sidebar_current: "docs-azurerm-resource-key-vault" description: |- Create a Key Vault. --- # azurerm\_key\_vault Create a ServiceBus Subscription. ## Example Usage ``` resource "azurerm_resource_group" "test" { name = "resourceGroup1" location = "West US" } resource "azurerm_key_vault" "test" { name = "testvault" location = "West US" resource_group_name = "${azurerm_resource_group.test.name}" sku { name = "standard" } tenant_id = "d6e396d0-5584-41dc-9fc0-268df99bc610" access_policy { tenant_id = "d6e396d0-5584-41dc-9fc0-268df99bc610" object_id = "d746815a-0433-4a21-b95d-fc437d2d475b" key_permissions = [ "all" ] secret_permissions = [ "get" ] } enabled_for_disk_encryption = true tags { environment = "Production" } } ``` ## Argument Reference The following arguments are supported: * `name` - (Required) Specifies the name of the ServiceBus Subscription resource. Changing this forces a new resource to be created. * `location` - (Required) Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created. * `resource_group_name` - (Required) The name of the resource group in which to create the namespace. Changing this forces a new resource to be created. * `sku` - (Required) An SKU block as described below. * `tenant_id` - (Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. * `access_policy` - (Required) An access policy block as described below. At least one policy is required up to a maximum of 16. * `enabled_for_deployment` - (Optional) Boolean flag to specify whether Azure Virtual Machines are permitted to retrieve certificates stored as secrets from the key vault. Defaults to false. * `enabled_for_disk_encryption` - (Optional) Boolean flag to specify whether Azure Disk Encryption is permitted to retrieve secrets from the vault and unwrap keys. Defaults to false. * `enabled_for_template_deployment` - (Optional) Boolean flag to specify whether Azure Resource Manager is permitted to retrieve secrets from the key vault. Defaults to false. * `tags` - (Optional) A mapping of tags to assign to the resource. `sku` supports the following: * `name` - (Required) SKU name to specify whether the key vault is a `standard` or `premium` vault. `access_policy` supports the following: * `tenant_id` - (Required) The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault. Must match the `tenant_id` used above. * `object_id` - (Required) The object ID of a user, service principal or security group in the Azure Active Directory tenant for the vault. The object ID must be unique for the list of access policies. * `key_permissions` - (Required) List of key permissions, must be one or more from the following: `all`, `backup`, `create`, `decrypt`, `delete`, `encrypt`, `get`, `import`, `list`, `restore`, `sign`, `unwrapKey`, `update`, `verify`, `wrapKey`. * `secret_permissions` - (Required) List of secret permissions, must be one or more from the following: `all`, `delete`, `get`, `list`, `set`. ## Attributes Reference The following attributes are exported: * `id` - The Vault ID. * `vault_uri` - The URI of the vault for performing operations on keys and secrets.